svcready | 4ee95bea87b8ee810c23526b2c63138adc5d88a0937df45e16d54dc941a75fcb | Triage

Analysis

max time kernel
133s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2022 15:20

Sharing

Report Analysis Logs

General

Target

4ee95bea87b8ee810c23526b2c63138adc5d88a0937df45e16d54dc941a75fcb.dll
Size

1.3MB
MD5

c291e3103b80ba215fc0e37200532596
SHA1

c10bbdae6887bacd30db8a96c4a1b25f0c05a84f
SHA256

4ee95bea87b8ee810c23526b2c63138adc5d88a0937df45e16d54dc941a75fcb
SHA512

cd57505bdce25d9c797309a951f0eadb1abd21159f75f3c3bf5805b6b99f7e6b0a7010213d10e00f2e9710f1de2723434541c753f2a6f7bc728c3546a25866f8

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2220-133-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3512 wrote to memory of 2220	3512	regsvr32.exe	regsvr32.exe
PID 3512 wrote to memory of 2220	3512	regsvr32.exe	regsvr32.exe
PID 3512 wrote to memory of 2220	3512	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4ee95bea87b8ee810c23526b2c63138adc5d88a0937df45e16d54dc941a75fcb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4ee95bea87b8ee810c23526b2c63138adc5d88a0937df45e16d54dc941a75fcb.dll
  2⤵
  PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2220-132-0x0000000000000000-mapping.dmp

Download
memory/2220-133-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download